Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-6868

There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. The front-end limits the length of the WAN connection name that is created, but the HTTP proxy is available to be used to bypass the limitation. An attacker can exploit the vulnerability to tamper with the parameter value. This affects: ZTE F680 V9.0.10P1N6

Published

2020-06-01T13:15:10.267

Last Modified

2024-11-21T05:36:19.520

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:N/I:P/A:N

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

6.5

Impact Score

2.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zte	f680_firmware	zxhn_f680v9.0.10p1n6	Yes
Hardware	zte	f680	-	No

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012866 Vendor Advisory ([email protected])
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012866 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)